Exchange Online – Automapping disabled for shared mailboxes

In our organisation we wanted to provide FullAccess permissions to some mailboxes for our PA staff. However, we didn't want the mailbox to download and cache on the local drive; instead we wanted to give them access via OWA/365.

For reference, -Identity is the mailbox you want to grant FullAccess to, and -User is the user who will receive the FullAccess permission. So if User A wanted to give User B the FullAccess permission, we would run the code below.

 

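# Remove any existing FullAccess grant first: the auto-mapping setting is applied when the permission is added
Remove-MailboxPermission -Identity User.A@domain.co.uk -User User.B@domain.co.uk -AccessRights FullAccess -InheritanceType All

# Re-add the permission with auto-mapping disabled so Outlook does not attach and cache the mailbox
Add-MailboxPermission -Identity User.A@domain.co.uk -User User.B@domain.co.uk -AccessRights FullAccess -InheritanceType All -AutoMapping $false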
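
The same remove-and-re-add step for several delegates at once, followed by a check of who now holds explicit FullAccess on the mailbox. This is an added example, not code from the original post; it assumes an Exchange Online PowerShell session is already connected, and `Grant-FullAccessNoAutoMap` is a hypothetical helper name.

```powershell
# Added example: grant FullAccess without auto-mapping, then list the resulting grants.
# Assumption: an Exchange Online PowerShell session is already connected.
# Grant-FullAccessNoAutoMap is a hypothetical helper; the addresses are placeholders.
function Grant-FullAccessNoAutoMap {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]   $Mailbox,    # mailbox being shared (-Identity)
        [Parameter(Mandatory)] [string[]] $Delegates   # users receiving FullAccess (-User)
    )

    foreach ($delegate in $Delegates) {
        if (-not $PSCmdlet.ShouldProcess($Mailbox, "Grant FullAccess to $delegate with AutoMapping off")) {
            continue
        }
        # Drop any existing grant so the new auto-mapping setting takes effect;
        # a delegate with no existing grant is not treated as an error.
        Remove-MailboxPermission -Identity $Mailbox -User $delegate -AccessRights FullAccess `
            -InheritanceType All -Confirm:$false -ErrorAction SilentlyContinue
        Add-MailboxPermission -Identity $Mailbox -User $delegate -AccessRights FullAccess `
            -InheritanceType All -AutoMapping $false | Out-Null
    }

    # Return the explicit (non-inherited) FullAccess entries so the delegation can be reviewed.
    Get-MailboxPermission -Identity $Mailbox |
        Where-Object {
            $_.AccessRights -contains 'FullAccess' -and
            -not $_.IsInherited -and
            $_.User -notlike 'NT AUTHORITY\SELF'
        } |
        Select-Object Identity, User, AccessRights, IsInherited, Deny
}

# Preview first; drop -WhatIf to apply the change.
Grant-FullAccessNoAutoMap -Mailbox 'User.A@domain.co.uk' -Delegates 'User.B@domain.co.uk' -WhatIf
```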

 

 

Google to Office 365 Migration – Calendar Gotcha

We came across an issue during a recent Gmail to Office 365 migration whereby a user was sending meeting invites as an Internal Events mailbox (internalevents@domain.co.uk). When sending to the Google Group AllStaff@domain.co.uk, the user was seeing that users either did not receive the calendar invite or were not able to respond. Upon digging into this, we found that the Google group had a large number of other groups nested inside it, and those nested groups in turn contain the users.

It seems that none of these groups are Public, meaning that they cannot receive email from external addresses – Google obviously seeing 365 as external to itself. We then found that the way in which Google Groups handles emails to users is different to the way an external user sending a calendar invite direct to another user would work. Instead, the group recognises that the external address doesn't have permission to expand the group and see the users, and therefore "hides" the users from the external address and acts like a proxy. So when the calendar invite gets to the mailbox there is no method for the user to send an RSVP, meaning that any recipient that the user sent an invite to did not have the opportunity to RSVP unless they were explicitly defined.

Having had a chat with Google support, they explained that this is expected behaviour, providing the following white paper in support – https://support.google.com/calendar/answer/172013?hl=en

The method used to get around this was to manually go into the nested Google groups and export out the external users, so our user could send directly to them.

Office 365: Set an individual user’s password to never expire with PowerShell

Recently the password policy changed within our organisation, and we wanted to change the password expiry for accounts matching certain criteria. You will need to ensure that you have the AzureAD and Office 365 modules installed on your machine, and you should run PowerShell as Administrator.

The below PowerShell will allow you to connect to Office 365 and then complete the changing of password expiry:

# Prompt for the admin credentials used for both connections
$Credential = Get-Credential
Set-ExecutionPolicy RemoteSigned

# Import Exchange PowerShell/O365
Import-Module MsOnline
$ExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Credential -Authentication Basic -AllowRedirection
Import-PSSession $ExchSession -AllowClobber
Connect-MsolService -Credential $Credential

# Exempt a single account from password expiry (replace the placeholder with the user's UPN)
Set-MsolUser -UserPrincipalName '<AccountName>' -PasswordNeverExpires $True
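
Accounts exempted this way are worth reviewing periodically. The report below is an added example, not code from the original post: it lists every account with the flag set together with the age of its password. It assumes `Connect-MsolService` has already been run as above; `Get-NeverExpireReport` and `-MinPasswordAgeDays` are hypothetical names.

```powershell
# Added example: review accounts that are exempt from password expiry.
# Assumption: Connect-MsolService has already been run in this session.
# Get-NeverExpireReport and -MinPasswordAgeDays are hypothetical names for illustration.
function Get-NeverExpireReport {
    param(
        [int] $MinPasswordAgeDays = 0   # only report passwords at least this many days old
    )

    $now = Get-Date

    Get-MsolUser -All |
        Where-Object { $_.PasswordNeverExpires -eq $true } |
        ForEach-Object {
            $changed = $_.LastPasswordChangeTimestamp
            # Accounts with no recorded password change are kept and shown with an empty age.
            $ageDays = if ($changed) { [int][math]::Floor(($now - $changed).TotalDays) } else { $null }
            [pscustomobject]@{
                UserPrincipalName  = $_.UserPrincipalName
                SignInBlocked      = $_.BlockCredential
                LastPasswordChange = $changed
                PasswordAgeDays    = $ageDays
            }
        } |
        Where-Object { $null -eq $_.PasswordAgeDays -or $_.PasswordAgeDays -ge $MinPasswordAgeDays } |
        Sort-Object PasswordAgeDays -Descending
}

# Never-expire accounts whose password is at least a year old
Get-NeverExpireReport -MinPasswordAgeDays 365 | Format-Table -AutoSize
```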

 

 

Disable all Expired AD and move accounts to the Disabled Users OU

Recently I have been looking at revamping the leavers process. This code is a stopgap for expired accounts to be disabled and moved into the disabled OU. An email can then be sent to the Service Desk team to notify them of the accounts that have been moved.

Import-Module ActiveDirectory

# Find expired accounts (users only, since Get-ADUser is used below)
$Account = Search-ADAccount -AccountExpired -UsersOnly | Select-Object Name, SamAccountName, AccountExpirationDate, LastLogonDate

foreach ($line in $Account) {
    # -WhatIf only previews the change; remove it to actually disable and move the accounts
    Get-ADUser -Identity $line.SamAccountName | Disable-ADAccount -WhatIf
    Get-ADUser -Identity $line.SamAccountName | Move-ADObject -TargetPath "OU=Disabled Accounts,OU=domain,DC=domain,DC=domain" -WhatIf
}

# Build the notification email body from the account names
$Name = $Account.Name
$Body = @()
$Body += "Names of Disabled Users:" + "`n"
$Body += $Name
$Body = $Body | Out-String

$date = Get-Date -Format g
$Subject = "Disabled Users for " + $date

# Replace the placeholders with your sender, recipient and SMTP server
Send-MailMessage -From '<ADExpiry>@domain.net' -To '<Recipient>@domain.co.uk' -SmtpServer '<IP>' -Subject $Subject -Body $Body

Add a NIC to an Azure IaaS VM

At the moment, if you want to add a new NIC to a VM, you will need to complete the attachment via PowerShell. You should be aware that a VM may need to be offline before you add the NIC to it. You can follow the below to add multiple NICs to your Azure VMs.

N.B. Not all virtual machine sizes support multiple NICs. Check if your VM size is supported (https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-size-specs/)

 

#Get the VNET to which to connect the NIC
$VNET = Get-AzureRmVirtualNetwork -Name '<vNet>' -ResourceGroupName '<ResourceGroup>'

#Get the Subnet ID to which to connect the NIC
$SubnetID = (Get-AzureRmVirtualNetworkSubnetConfig -Name 'Subnet' -VirtualNetwork $VNET).Id

#NIC Name
$NICName = '<vmname-ethvalue>'

#NIC Resource Group
$NICResourceGroup = '<ResourceGroup>'

#NIC creation location
$Location = '<Region>'

#Enter the IP address
$IPAddress = '<IP>'

#Create now the NIC Interface
New-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroup -Location $Location -SubnetId $SubnetID -PrivateIpAddress $IPAddress

$VMname = '<Name>'
$VMRG = '<ResourceGroup>'

#Get the VM
$VM = Get-AzureRmVM -Name $VMname -ResourceGroupName $VMRG

#Add the second NIC
$NewNIC = Get-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroup
$VM = Add-AzureRmVMNetworkInterface -VM $VM -Id $NewNIC.Id

#Show the Network interfaces
$VM.NetworkProfile.NetworkInterfaces

#We have to set one of the NICs to Primary, I will set the first NIC in this example (the list is zero-based)
$VM.NetworkProfile.NetworkInterfaces.Item(0).Primary = $true

#Apply the updated network profile to the VM; nothing changes in Azure until this runs
Update-AzureRmVM -VM $VM -ResourceGroupName $VMRG

Convert VM’s to use Azure Hybrid Benefit for Windows Server with Azure PowerShell

Like most people, we always want to drop costs in our IT infrastructure, and the new Azure Hybrid Benefit for Windows Server is another way to save money.

Azure Hybrid Benefit for Windows Server allows you to use your on-premises Windows Server licenses and run Windows virtual machines on Azure at a reduced cost. This has been added to the Azure Resource Manager VM deployment process. You can also go back through your existing VMs and apply these savings to them if you are eligible.

Be aware that some VM sizes are not supported, so you may run into this issue.

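# To login to Azure Resource Manager
Login-AzureRmAccount

# To select a default subscription for your current session
Set-AzureRmContext -SubscriptionId "<Subscription-ID>"

# Windows VMs with no license type set (an unset LicenseType is $null, which does not equal "")
$VMs = Get-AzureRmVM | Where-Object { [string]::IsNullOrEmpty($_.LicenseType) -and $_.StorageProfile.OsDisk.OsType -eq 'Windows' }

foreach ($VM in $VMs) {
    # Switch the VM to Azure Hybrid Benefit licensing and push the change
    $VM.LicenseType = "Windows_Server"
    Update-AzureRmVM -VM $VM -ResourceGroupName $VM.ResourceGroupName
}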